How to activate logging for Citrix Exploit 1 and 2
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXsPFAfaH6aWnPuCZGHKv6rNW7HDaRHYD2e0FXykXbHMgiTDkaN1dMqHik6SuPZeybmuIkeaeEorEQJRd8lCEgRJKnBv_E3Sp7M4M9gIUYAwi8Ay-HUOn3rvoIi-v4F8ZtbjBmUPBwNQ/s400/NetScaler.png)
Daniel Weppeler posted a link on how to activate Citrix logging for Exploit 1 and 2: https://twitter.com/_DanielWep/status/1217022904073801728

#CVE201919781 #Citrix

Create MessageAction:

```
add audit messageaction MsgAct_CVE WARNING "\"CVE Attack from IP \"+CLIENT.IP.SRC+\" - URL: \"+HTTP.REQ.URL.PATH.HTTP_URL_SAFE+\" (headers: \"+HTTP.REQ.FULL_HEADER.HTTP_HEADER_SAFE+\")\"" -logtoNewnslog YES
```

Enable userDefinedAuditlog:

```
set audit syslogParams -logLevel ALL -userDefinedAuditlog YES
set audit nslogParams -logLevel ALL -userDefinedAuditlog YES
```

Bind #Syslog Message Action to CVE Responder Policy:

```
set responder policy ResPol_Fix_CVE-2019-19781 -logAction MsgAct_CVE
```
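
Once the responder policy logs through `MsgAct_CVE`, the resulting messages can be triaged per client IP. The following Python script is an added example, not part of the original post or of Daniel Weppeler's tweet. It matches only the message text defined in the message action above; the syslog prefix, IP addresses, paths and header strings in the sample lines are constructed, and how the appliance renders the headers in the log is an assumption.

```python
import re
from collections import defaultdict

# Matches only the text built by MsgAct_CVE. Whatever syslog prefix precedes
# it is ignored, since its layout depends on the appliance and the collector.
# The greedy header group ends at the LAST ")" so header values that contain
# parentheses themselves do not truncate the match.
MSG_RE = re.compile(
    r"CVE Attack from IP (?P<ip>\S+) - URL: (?P<url>\S+) "
    r"\(headers: (?P<headers>.*)\)\"?\s*$"
)

def parse_line(line):
    """Return {'ip', 'url', 'headers'} for a MsgAct_CVE line, else None."""
    m = MSG_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Group hits by client IP: hit count and the distinct URL paths seen."""
    acc = defaultdict(lambda: {"hits": 0, "urls": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not produced by the message action
        acc[rec["ip"]]["hits"] += 1
        acc[rec["ip"]]["urls"].add(rec["url"])
    return {ip: {"hits": e["hits"], "urls": sorted(e["urls"])}
            for ip, e in acc.items()}

# Constructed sample input: made-up prefix, documentation-range IPs,
# placeholder paths and header strings.
SAMPLE_LINES = [
    "Jan 14 10:01:02 ns1 audit: CVE Attack from IP 198.51.100.23 - URL: "
    "/placeholder/path-a (headers: Host: ns.example.test)",
    "Jan 14 10:01:05 ns1 audit: CVE Attack from IP 198.51.100.23 - URL: "
    "/placeholder/path-b (headers: Host: ns.example.test)",
    "Jan 14 10:01:09 ns1 audit: CVE Attack from IP 198.51.100.23 - URL: "
    "/placeholder/path-a (headers: Host: ns.example.test)",
    "Jan 14 10:07:41 ns1 audit: CVE Attack from IP 203.0.113.7 - URL: "
    "/placeholder/path-a (headers: User-Agent: example-agent/1.0 (X11))",
    "Jan 14 10:08:00 ns1 audit: unrelated message that must be skipped",
]

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{ip}: {info['hits']} hit(s), paths: {', '.join(info['urls'])}")
```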